In complex computing environments, passwords are often the source of frustration, wasted time and unnecessary expense. Users regularly access about eight to ten different systems. This frustrates users by requiring them to remember too many passwords, having multiple password prompts and the chore of resetting their passwords when they forget them. For example, employees in companies using IBM Lotus applications typically have numerous password prompts. Passwords are needed to access Microsoft Windows® as well as Domino HTTP sessions such as Lotus Domino® Web Access (“iNotes®”), Sametime®, QuickPlace®, and Domino Web applications. Users are often so afraid they will not be able to get back in or utilize a resource in the future, they leave the figurative key in the door, with weak passwords like “password” or sticky notes posted all over their cubicles. With the increase in remote access and demand for greater resource access by members, security issues are becoming a greater concern and bigger challenge. Dictionary attacks, hacking and other vulnerabilities caused by poor password quality are putting sensitive information and/or resources at risk.
Laws and regulations governing corporate data and privacy such as Sarbanes-Oxley in the United States and the European Data Directive further complicate the network security problem. At the same time a company is investing in strong security systems such as identity management, users create new points of exposure. If corporate systems and confidentiality are breached as a result of poor password policy, the company may be sanctioned despite its best IT efforts.
In addition to security risks, IT management and staff are often overworked and understaffed—too many help-desk calls and forgotten passwords, too many applications and systems to manage and too many users with passwords posted on their monitors for everyone to see. Lost or forgotten passwords represent substantial workloads for IT management help-desk calls. IT resources may be wasted on maintenance of an IT system rather than expanding the IT capabilities and/or tools.